Power-up self tests, Conditional tests – Dell POWEREDGE M1000E User Manual

Fabric OS Administrator’s Guide

53-1001763-02

Zeroization functions

D

Power-up self tests

The power-up self tests (POST) are invoked by powering on the switch in FIPS mode and do not
require any operator intervention. If any of the known-answer tests (KATs) fail, the switch goes
into a FIPS Error state, which reboots the system to start the tests again. If the switch continues
to fail the FIPS POSTs, you must boot into single-user mode and perform a recovery procedure to
reset the switch. For more information on this procedure, refer to the
Fabric OS Troubleshooting and Diagnostics Guide.

Conditional tests

The conditional tests apply to the random number generators and verify the randomness of their
output. They are executed each time before a random number provided by the random number
generator is used.
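
A sketch of such a conditional test, added here as an example and not taken from Fabric OS: it assumes the check takes the form of the FIPS 140-2 continuous random number generator test, in which the first block after power-up is withheld and every later block is compared with the one before it. The names crng_t, crng_get_block, gen_counter and gen_stuck and the 16-byte block size are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCK_LEN 16  /* assumed RNG output block size in bytes */
typedef int (*rng_block_fn)(uint8_t out[BLOCK_LEN]); /* hypothetical source, 0 = ok */

typedef struct {
    rng_block_fn gen;          /* generator being checked */
    uint8_t prev[BLOCK_LEN];   /* previous block, kept only for comparison */
    int primed;                /* 0 until the first block has been stored */
    int error;                 /* latched error state: no further output */
} crng_t;

void crng_init(crng_t *c, rng_block_fn gen) {
    memset(c, 0, sizeof *c);
    c->gen = gen;
}

/* Compare without an early exit so timing does not depend on the data. */
static int blocks_equal(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < BLOCK_LEN; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Returns 0 and fills out on success, -1 once the conditional test has failed. */
int crng_get_block(crng_t *c, uint8_t out[BLOCK_LEN]) {
    uint8_t cur[BLOCK_LEN];
    if (c->error) return -1;
    if (!c->primed) {          /* first block after power-up is never handed out */
        if (c->gen(c->prev) != 0) { c->error = 1; return -1; }
        c->primed = 1;
    }
    if (c->gen(cur) != 0 || blocks_equal(cur, c->prev)) {
        c->error = 1;          /* repeated block: stop releasing random data */
        return -1;
    }
    memcpy(c->prev, cur, BLOCK_LEN);
    memcpy(out, cur, BLOCK_LEN);
    return 0;
}

/* Constructed sources for the demo: a counter (never repeats) and a stuck one. */
static uint8_t ctr;
int gen_counter(uint8_t out[BLOCK_LEN]) { memset(out, ++ctr, BLOCK_LEN); return 0; }
int gen_stuck(uint8_t out[BLOCK_LEN])   { memset(out, 0xAA, BLOCK_LEN); return 0; }
```

The latched error flag mirrors the idea of an error state: after one repeated block the wrapper refuses all further requests until it is re-initialized.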

TABLE 102 Zeroization behavior (Continued)

| Keys | Zeroization CLI | Description |
|---|---|---|
| FCSP Challenge Handshake Authentication Protocol (CHAP) Secret | secAuthSecret --remove value \| --all | The secAuthSecret --remove value command is used to remove the specified keys from the database. When the secAuthSecret command is used with the --remove --all option, the entire key database is deleted. |
| Passwords | passwdDefault; fipscfg --zeroize | This removes user-defined accounts in addition to the default passwords for the root, admin, and user default accounts. However, only root has permission to run this command, so the securityadmin and admin roles need to use fipsCfg --zeroize, which, in addition to removing user accounts and resetting passwords, also performs the complete zeroization of the system. |
| RADIUS secret | aaaConfig --remove | The aaaConfig --remove command zeroizes the secret and deletes a configured server. |
| RNG seed key | No CLI required | /dev/urandom is used as the initial source of seed for the RNG. The RNG seed key is zeroized on every random number generation. |
| SSH RSA private key | sshutil delprivkey | Key-based SSH authentication is not used for SSH sessions. |
| SSH RSA public key | sshutil delpubkeys | Key-based SSH authentication is not used for SSH sessions. |
| SSH session key | No CLI required | This is generated for each SSH session that is established to and from the host. It is automatically zeroized on session termination. |
| Third-party keys | secCertUtil delete -fcapall | Used to zeroize third-party keys. |
| TLS authentication key | No CLI required | Automatically zeroized on session termination. |
| TLS pre-master secret | No CLI required | Automatically zeroized on session termination. |
| TLS private keys | secCertUtil delkey -all | The command secCertUtil delkey -all is used to zeroize these keys. |
| TLS session key | No CLI required | Automatically zeroized on session termination. |
